Re: [atomic] Using Atomic Scan on CAH

[Steve Poe <steve poe gmail com>]

Micah,

Thank you! That got me a step closer. I originally looked in the blogs section on the project Atomic site, but I didn't see what you mentioned.

As a test, I downloaded the Centos6 image:
docker.io/centos            centos6             8315978ceaaa        3 months ago        195 MB

Ran 'atomic scan 8315978ceaaa' but received  an error:

8315978ceaaa (docker.io/centos:centos6)
     8315978ceaaa is not supported for this scan.

On Thu, Feb 2, 2017 at 9:30 AM, Micah Abbott <miabbott redhat com> wrote:

On 02/02/2017 12:13 PM, Steve Poe wrote:

I am reading about the ability to scan my images for known vulnerabilities.

On the Atomic host I created, I updated /etc/atomic.conf file and added
the line:
'default_scanner: openscap'

However, the change does not work for me:

atomic scan --list
There are no scanners configured for this system.

What am I doing wrong?


CAH info:
centos-atomic-continuous:centos-atomic-host/7/x86_64/devel/alpha
       Version: 7.2017.15 (2017-01-31 00:49:10)

I don't think the 'atomic scan' command will work right out of the box with just that configuration.

You'll need to specify a scanner definition in '/etc/atomic.d/' like shown here:

https://github.com/projectatomic/atomic/blob/master/atomic.d/openscap

That should get you going in the right direction.